I don't know where you've got this definition of SQL Injection, but it's only partially accurate.
Wikipedia's definition is much more accurate:
SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (...)
The crucial part to understand about SQL injection is how it actually works. A user named "Your Common Sense" have written a good, simple explanation about that right here.
In a nutshell, SQL Injection is the act of "injecting" SQL code into un protected SQL statements - thus allowing the attacker to find details about the database, sometimes up to the point that the attacker can take control over the entire data server.
Keeping complete SQL statements inside your database might be an open door to what's refered to as "Second order SQL injection" (Wikipedia, same page:)
Second order SQL injection occurs when submitted values contain malicious commands that are stored rather than executed immediately.
So, a direct answer to your question is: It depends. This might be a real SQL Injection threat.
You see, In order to successfully perform a second order SQL injection, simply storing SQL statements in the database is not enough - your application must also execute them (since the attacker does not have direct access to your database. If they did, they wouldn't need to mess around with SQL Injection anymore).
SQL injection risk can be eliminated entirely by using parameterized queries.
Second order SQL injection risk is only relevant if your application is designed to store complete SQL statements and then run them.
If your application is designed to do that, then you must defend yourself by not allowing the users to write free-text sql, but instead provide an interface for them to do it safely, while the back end will generate parameterized queries for them.